EntraExporter
EntraExporter copied to clipboard
Export of 'privilegedAccess/azureResources/resources' not working with P1 license
In Get-EEDefaultSchema.ps1 'privilegedAccess/azureResources/resources', the IgnoreError string is set to: 'The tenant has not onboarded to PIM.'
When running the export with -All, I see the export fail on this endpoint with an error of: 'The tenant needs an AAD Premium 2 license.'
By changing the ignoreError string in this file, I can get the export to complete successfully.
If both error strings are possible under different conditions (e.g. a P1 license vs. a P2 license), perhaps in Export-Entra.ps1, the check against ignoreError could use a -match to allow use of a regex, and then ignore errors for this endpoint could be: (The tenant has not onboarded to PIM.|The tenant needs an AAD Premium 2 license.)
I have the same error with an AAD B2C
Like #62, this sounds like an opportunity to add checks for relevant licenses and handle the error if not applicable.
@merill and @snozzberries, do you think this is in any way related to Maester issue #195? The error and API path are both different, but the scenario feels similar: reading PIM information fails for application identities but works with delegated GA access.